mirror of
https://github.com/PyratLabs/ansible-role-k3s
synced 2024-12-12 05:50:18 +01:00
Resolve merge conflict
This commit is contained in:
commit
976fe8c0ca
85 changed files with 1183 additions and 1151 deletions
|
@ -1,2 +1,4 @@
|
|||
---
|
||||
|
||||
skip_list:
|
||||
- '106'
|
||||
|
|
54
.github/ISSUE_TEMPLATE/bug_report.md
vendored
Normal file
54
.github/ISSUE_TEMPLATE/bug_report.md
vendored
Normal file
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
name: Bug report
|
||||
about: Create a report to help us improve
|
||||
---
|
||||
|
||||
<!-- Please first verify that your issue is not already reported on GitHub -->
|
||||
<!-- Complete *all* sections as described. -->
|
||||
|
||||
### Summary
|
||||
|
||||
<!-- Explain the problem briefly below -->
|
||||
|
||||
### Issue Type
|
||||
|
||||
- Bug Report
|
||||
|
||||
### Controller Environment and Configuration
|
||||
|
||||
<!-- Please re-run your playbook with: `-e "pyratlabs_issue_controller_dump=true"` -->
|
||||
<!-- Example: `ansible-playbook -e "pyratlabs_issue_controller_dump=true" /path/to/playbook.yml` -->
|
||||
<!-- Then please copy-and-paste the contents (or attach) to this issue. -->
|
||||
|
||||
```text
|
||||
|
||||
```
|
||||
|
||||
|
||||
### Steps to Reproduce
|
||||
|
||||
<!-- Describe exactly how to reproduce the problem, using a minimal test-case -->
|
||||
|
||||
<!-- Paste example playbooks or commands between quotes below -->
|
||||
|
||||
```yaml
|
||||
|
||||
```
|
||||
|
||||
### Expected Result
|
||||
|
||||
<!-- Describe what you expected to happen when running the steps above -->
|
||||
|
||||
```text
|
||||
|
||||
```
|
||||
|
||||
### Actual Result
|
||||
|
||||
<!-- Describe what actually happened. If possible run with extra verbosity (-vvvv) -->
|
||||
|
||||
<!-- Paste verbatim command output between quotes -->
|
||||
|
||||
```text
|
||||
|
||||
```
|
3
.github/ISSUE_TEMPLATE/config.yml
vendored
Normal file
3
.github/ISSUE_TEMPLATE/config.yml
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
|
||||
blank_issues_enabled: true
|
33
.github/ISSUE_TEMPLATE/feature_request.md
vendored
Normal file
33
.github/ISSUE_TEMPLATE/feature_request.md
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
name: Feature request
|
||||
about: Suggest an idea for this project
|
||||
---
|
||||
|
||||
<!-- Please first verify that your feature was not already discussed on GitHub -->
|
||||
<!-- Complete *all* sections as described, this form is processed automatically -->
|
||||
|
||||
### Summary
|
||||
|
||||
<!-- Describe the new feature/improvement briefly below -->
|
||||
|
||||
### Issue Type
|
||||
|
||||
- Feature Request
|
||||
|
||||
### User Story
|
||||
|
||||
<!-- If you can, please provide a user story, if you don't know what this is don't worry, it will be refined by PyratLabs. -->
|
||||
<!-- Describe who would use it, why it is needed and the benefit -->
|
||||
|
||||
_As a_ <!-- (Insert Persona) --> \
|
||||
_I want to_ <!-- (Insert Action) --> \
|
||||
_So that_ <!-- (Insert Benefit) -->
|
||||
|
||||
### Additional Information
|
||||
|
||||
<!-- Please include any relevant documentation, URLs, etc. -->
|
||||
<!-- Paste example playbooks or commands between quotes below -->
|
||||
|
||||
```yaml
|
||||
|
||||
```
|
37
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
37
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
|
@ -0,0 +1,37 @@
|
|||
## TITLE
|
||||
|
||||
### Summary
|
||||
|
||||
<!-- Describe the change below, including rationale and design decisions -->
|
||||
|
||||
<!-- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
|
||||
|
||||
### Issue type
|
||||
|
||||
<!-- Pick one below and delete the rest -->
|
||||
- Bugfix
|
||||
- Documentation
|
||||
- Feature
|
||||
|
||||
### Test instructions
|
||||
|
||||
<!-- Please provide instructions for testing this PR -->
|
||||
|
||||
### Acceptance Criteria
|
||||
|
||||
<!-- Please list criteria required to ensure this change has been sufficiently reviewed. -->
|
||||
|
||||
<!-- Example ticklist:
|
||||
- [ ] Travis-CI Build passes.
|
||||
- [ ] Documentation updated.
|
||||
-->
|
||||
|
||||
### Additional Information
|
||||
|
||||
<!-- Include additional information to help people understand the change here -->
|
||||
|
||||
<!-- Paste verbatim command output below, e.g. before and after your change -->
|
||||
|
||||
```text
|
||||
|
||||
```
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -8,3 +8,4 @@ vagramt/fetch
|
|||
vagrant/ubuntu-*.log
|
||||
__pycache__
|
||||
ansible.cfg
|
||||
pyratlabs-issue-dump.txt
|
||||
|
|
29
.travis.yml
29
.travis.yml
|
@ -13,40 +13,35 @@ env:
|
|||
- MOLECULE_SCENARIO: default
|
||||
matrix:
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-debian10-ansible:latest
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-ubuntu2004-ansible:latest
|
||||
|
||||
# Test installing docker
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-centos7-ansible:latest
|
||||
MOLECULE_PLAYBOOK: playbook-docker.yml
|
||||
MOLECULE_SCENARIO: docker
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-ubuntu1804-ansible:latest
|
||||
MOLECULE_PLAYBOOK: playbook-docker.yml
|
||||
MOLECULE_SCENARIO: docker
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-amazonlinux2-ansible:latest
|
||||
MOLECULE_PLAYBOOK: playbook-docker.yml
|
||||
|
||||
# Test using alternate port and using wireguard as the flannel backend
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-centos7-ansible:latest
|
||||
MOLECULE_PLAYBOOK: playbook-docker-altport-wireguard.yml
|
||||
MOLECULE_SCENARIO: docker
|
||||
|
||||
# Test disabling all deployments
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-fedora31-ansible:latest
|
||||
MOLECULE_PLAYBOOK: playbook-no-deploy.yml
|
||||
MOLECULE_SCENARIO: nodeploy
|
||||
|
||||
# Test multiple controllers in control plane with PostgreSQL
|
||||
# Test multiple control nodes in control plane with PostgreSQL
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-fedora29-ansible:latest
|
||||
MOLECULE_SCENARIO: highavailability
|
||||
MOLECULE_SCENARIO: highavailabilitydb
|
||||
|
||||
# Test multiple controllers with auto deploying manifests
|
||||
# Test multiple control nodes with auto deploying manifests
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-fedora30-ansible:latest
|
||||
MOLECULE_SCENARIO: highavailability
|
||||
MOLECULE_PLAYBOOK: playbook-auto-deploying-manifests.yml
|
||||
MOLECULE_SCENARIO: autodeploy
|
||||
|
||||
# Test multiple controllers in control plane with Etcd
|
||||
# Test multiple control nodes in control plane with Etcd
|
||||
- MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest
|
||||
MOLECULE_SCENARIO: highavailability
|
||||
MOLECULE_PLAYBOOK: playbook-etcd.yml
|
||||
MOLECULE_SCENARIO: highavailabilityetcd
|
||||
|
||||
install:
|
||||
# Install test dependencies.
|
||||
- pip install molecule[docker] docker jmespath ansible-lint
|
||||
- pip install -r molecule/requirements.txt
|
||||
|
||||
before_script:
|
||||
# Use actual Ansible Galaxy role name for the project directory.
|
||||
|
|
22
.yamllint
22
.yamllint
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
|
||||
# Based on ansible-lint config
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
|
@ -9,5 +9,25 @@ rules:
|
|||
brackets:
|
||||
max-spaces-inside: 1
|
||||
level: error
|
||||
colons:
|
||||
max-spaces-after: -1
|
||||
level: error
|
||||
commas:
|
||||
max-spaces-after: -1
|
||||
level: error
|
||||
comments: disable
|
||||
comments-indentation: disable
|
||||
document-start: disable
|
||||
empty-lines:
|
||||
max: 3
|
||||
level: error
|
||||
hyphens:
|
||||
level: error
|
||||
indentation: disable
|
||||
key-duplicates: enable
|
||||
line-length: disable
|
||||
new-line-at-end-of-file: disable
|
||||
new-lines:
|
||||
type: unix
|
||||
trailing-spaces: disable
|
||||
truthy: disable
|
||||
|
|
55
CHANGELOG.md
Normal file
55
CHANGELOG.md
Normal file
|
@ -0,0 +1,55 @@
|
|||
# Change Log
|
||||
|
||||
<!--
|
||||
## DATE, vx.x.x
|
||||
|
||||
### Notable changes
|
||||
|
||||
### Breaking changes
|
||||
|
||||
### Contributors
|
||||
-->
|
||||
|
||||
## 2020-11-29, v2.0.0
|
||||
|
||||
### Notable changes
|
||||
|
||||
- #64 - Initial release of v2.0.0 of
|
||||
[ansible-role-k3s](https://github.com/PyratLabs/ansible-role-k3s).
|
||||
- Minimum supported k3s version now: v1.19.1+k3s1
|
||||
- Minimum supported Ansible version now: v2.10.0
|
||||
- #62 - Remove all references to the word "master".
|
||||
- #53 - Move to file-based configuration.
|
||||
- Refactored to avoid duplication in code and make contribution easier.
|
||||
- Validation checks moved to using variables defined in `vars/`
|
||||
|
||||
### Breaking changes
|
||||
|
||||
#### File based configuration
|
||||
|
||||
Issue #53
|
||||
|
||||
With the release of v1.19.1+k3s1, this role has moved to file-based
|
||||
configuration of k3s. This requires manuall translation of v1 configuration
|
||||
variables into configuration file format.
|
||||
|
||||
Please see: https://rancher.com/docs/k3s/latest/en/installation/install-options/#configuration-file
|
||||
|
||||
#### Minimum supported k3s version
|
||||
|
||||
As this role now relies on file-based configuration, the v2.x release of this
|
||||
role will only support v1.19+ of k3s. If you are not in a position to update
|
||||
k3s you will need to continue using the v1.x release of this role, which will
|
||||
be supported until March 2021<!-- 1 year after k8s v1.18 release -->.
|
||||
|
||||
#### Minimum supported ansible version
|
||||
|
||||
This role now only supports Ansible v2.10+, this is because it has moved on to
|
||||
using FQDNs, with the exception of `set_fact` tasks which have
|
||||
[been broken](https://github.com/ansible/ansible/issues/72319) and the fixes
|
||||
have [not yet been backported to v2.10](https://github.com/ansible/ansible/pull/71824).
|
||||
|
||||
The use of FQDNs allows for custom modules to be introduced to override task
|
||||
behavior. If this role requires a custom ansible module to be introduced then
|
||||
this can be added as a dependency and targeted specifically by using the
|
||||
correct FQDN.
|
46
CONTRIBUTING.md
Normal file
46
CONTRIBUTING.md
Normal file
|
@ -0,0 +1,46 @@
|
|||
# Contribution Guidelines
|
||||
|
||||
Thank you for taking time to contribute to this Ansible role.
|
||||
|
||||
There are a number of ways that you can contribute to this project, not all of
|
||||
them requiring you to be able to write code. Below is a list of suggested
|
||||
contributions welcomed by the community:
|
||||
|
||||
- Submit bug reports in GitHub issues
|
||||
- Comment on bug reports with futher information or suggestions
|
||||
- Suggest new features
|
||||
- Create Pull Requests fixing bugs or adding new features
|
||||
- Update and improve documentation
|
||||
- Review the role on Ansible Galaxy
|
||||
- Write a blog post reviewing the role
|
||||
- Sponsor me.
|
||||
|
||||
## Issue guidelines
|
||||
|
||||
Issues are the best way to capture an bug in the role, or suggest new features.
|
||||
This is due to issues being visible to the entire community and allows for
|
||||
other contributors to pick up the work, so is a better communication medium
|
||||
than email.
|
||||
|
||||
A good bug issue will include as much information as possible about the
|
||||
environment Ansible is running in, as well as the role configuration. If there
|
||||
are any relevant pieces of documentation from upstream projects, this should
|
||||
be included.
|
||||
|
||||
New feature requests are also best captured in issues, these should include
|
||||
as much relevant information as possible and if possible include a "user story"
|
||||
(don't sweat if you don't know how to write one). If there are any relevant
|
||||
pieces of documentation from upstream projects, this should be included.
|
||||
|
||||
## Pull request guidelines
|
||||
|
||||
PRs should only contain 1 issue fix at a time to limit the scope of testing
|
||||
required. The smaller the scope of the PR, the easier it is for it to be
|
||||
reviewed.
|
||||
|
||||
PRs should include the keyword `Fixes` before an issue number if the PR will
|
||||
completely close the issue. This is because automation will close the issue
|
||||
once the PR is merged.
|
||||
|
||||
PRs are preferred to be merged in as a single commit, so rebasing before
|
||||
pushing is recommended, however this isn't a strict rule.
|
315
README.md
315
README.md
|
@ -1,17 +1,23 @@
|
|||
# Ansible Role: k3s (v1.x)
|
||||
# Ansible Role: k3s (v2.x)
|
||||
|
||||
Ansible role for installing [Rancher Labs k3s](https://k3s.io/) ("Lightweight
|
||||
Kubernetes") as either a standalone server or cluster.
|
||||
|
||||
[![Build Status](https://www.travis-ci.org/PyratLabs/ansible-role-k3s.svg?branch=main)](https://www.travis-ci.org/PyratLabs/ansible-role-k3s)
|
||||
[![Build Status](https://www.travis-ci.org/PyratLabs/ansible-role-k3s.svg?branch=master)](https://www.travis-ci.org/PyratLabs/ansible-role-k3s)
|
||||
|
||||
## Release notes
|
||||
|
||||
Please see [CHANGELOG.md](CHANGELOG.md).
|
||||
|
||||
## Requirements
|
||||
|
||||
The host you're running Ansible from requires the following Python dependencies:
|
||||
|
||||
<!-- Uncomment below prior to v2 release -->
|
||||
<!-- - `ansible >= 2.7 <= 2.9` -->
|
||||
- `jmespath >= 0.9.0`
|
||||
- `ansible >= 2.10`
|
||||
- `jmespath >= 0.10.0`
|
||||
|
||||
You can install dependencies using the requirements.txt file in this repository:
|
||||
`pip3 install -r requirements.txt`.
|
||||
|
||||
This role has been tested against the following Linux Distributions:
|
||||
|
||||
|
@ -29,32 +35,48 @@ This role has been tested against the following Linux Distributions:
|
|||
- Ubuntu 18.04 LTS
|
||||
- Ubuntu 20.04 LTS
|
||||
|
||||
<!-- Uncomment below prior to v2 release -->
|
||||
<!-- :warning: The v1 releases of this role only supports `k3s <= v1.19`, for
|
||||
`k3s >= v1.19` please consider using the v2+ releases of this role. -->
|
||||
:warning: The v2 releases of this role only supports `k3s >= v1.19`, for
|
||||
`k3s < v1.19` please consider updating or use the v1.x releases of this role.
|
||||
|
||||
Before upgrading, see [CHANGELOG](CHANGELOG.md) for breaking chnages.
|
||||
|
||||
## Disclaimer
|
||||
|
||||
Rancher Labs is awesome and has released k3s as v1.0.0, however at the time of
|
||||
creating this role I do not have a k3s cluster in production nor am I unlikely
|
||||
to ever have one. Please ensure you practice extreme caution and operational
|
||||
rigor before using this role for any serious workloads.
|
||||
Rancher Labs is awesome and k3s is being used in production, however at the
|
||||
time of creating this role I do not have a k3s cluster in production nor am I
|
||||
likely to ever have one. Please ensure you practice extreme caution and
|
||||
operational rigor before using this role for any serious workloads.
|
||||
|
||||
If you have any problems please create a GitHub issue, I maintain this role in
|
||||
my spare time so I cannot promise a speedy fix delivery.
|
||||
|
||||
## Role Variables
|
||||
|
||||
### Group Variables
|
||||
Since K3s [v1.19.1+k3s1](https://github.com/rancher/k3s/releases/tag/v1.19.1%2Bk3s1)
|
||||
you can now configure K3s using a
|
||||
[configuration file](https://rancher.com/docs/k3s/latest/en/installation/install-options/#configuration-file)
|
||||
rather than environment variables or command line arguments. The v2 release of
|
||||
this role has moved to the configuration file method rather than populating a
|
||||
systemd unit file with command-line arguments. There may be exceptions that are
|
||||
defined in [Group/Cluste Variables](#group-cluster-variables), however you will
|
||||
be configuring k3s by configuration files using the `k3s_server` and `k3s_agent`
|
||||
variables.
|
||||
|
||||
See "_Server (Control Plane) Configuration_" and "_Agent (Worker) Configuraion_"
|
||||
below.
|
||||
|
||||
### Group/Cluster Variables
|
||||
|
||||
Below are variables that are set against all of the play hosts for environment
|
||||
consistency.
|
||||
consistency. These are generally cluster-level configuration.
|
||||
|
||||
| Variable | Description | Default Value |
|
||||
|------------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------|
|
||||
| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstalled. | installed |
|
||||
|----------------------------------|---------------------------------------------------------------------------------|-----------------------------------------|
|
||||
| `k3s_state` | State of k3s: installed, started, stopped, downloaded, uninstalled, validated. | installed |
|
||||
| `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for stable. | `false` |
|
||||
| `k3s_config_file` | Loction of the k3s configuration file. | `/etc/rancher/k3s/config.yaml` |
|
||||
| `k3s_build_cluster` | When multiple `play_hosts` are available, attempt to cluster. Read notes below. | `true` |
|
||||
| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | NULL |
|
||||
| `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s |
|
||||
| `k3s_skip_validation` | Skip all tasks that validate configuration. | `false` |
|
||||
| `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` |
|
||||
|
@ -63,53 +85,78 @@ consistency.
|
|||
| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] |
|
||||
| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` |
|
||||
| `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` |
|
||||
| `k3s_non_root` | Install k3s as non-root user. See notes below. | `false` |
|
||||
| `k3s_cluster_cidr` | Network CIDR to use for pod IPs | 10.42.0.0/16 |
|
||||
| `k3s_service_cidr` | Network CIDR to use for service IPs | 10.43.0.0/16 |
|
||||
| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ |
|
||||
| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ |
|
||||
| `k3s_private_registry` | Private registry configuration file (default: "/etc/rancher/k3s/registries.yaml") | _NULL_ |
|
||||
| `k3s_https_port` | HTTPS port listening port. | 6443 |
|
||||
| `k3s_use_docker` | Use Docker rather than Containerd? | `false` |
|
||||
| `k3s_no_flannel` | Do not use Flannel | `false` |
|
||||
| `k3s_flannel_backend` | Flannel backend ('none', 'vxlan', 'ipsec', 'host-gw' or 'wireguard') | vxlan |
|
||||
| `k3s_no_coredns` | Do not use CoreDNS | `false` |
|
||||
| `k3s_cluster_dns` | Cluster IP for CoreDNS service. Should be in your service-cidr range. | _NULL_ |
|
||||
| `k3s_cluster_domain` | Cluster Domain. | cluster.local |
|
||||
| `k3s_resolv_conf` | Kubelet resolv.conf file | _NULL_ |
|
||||
| `k3s_no_traefik` | Do not use Traefik | `false` |
|
||||
| `k3s_no_servicelb` | Do not use ServiceLB, necessary for using something like MetalLB. | `false` |
|
||||
| `k3s_no_local_storage` | Do not use Local Storage | `false` |
|
||||
| `k3s_default_local_storage_path` | Set Local Storage Path. Specify `false` for default. | `false` |
|
||||
| `k3s_no_metrics_server` | Do not deploy metrics server | `false` |
|
||||
| `k3s_kube_apiserver_args` | Customized flag for kube-apiserver process | [] |
|
||||
| `k3s_kube_scheduler_args` | Customized flag for kube-scheduler process | [] |
|
||||
| `k3s_kube_controller_manager_args` | Customized flag for kube-controller-manager process | [] |
|
||||
| `k3s_kube_cloud_controller_manager_args` | Customized flag for kube-cloud-controller-manager process | [] |
|
||||
| `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` |
|
||||
| `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. | `false` |
|
||||
| `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` |
|
||||
| `k3s_disable_kube_proxy` | Disable k3s default kube proxy. | `false` |
|
||||
| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ |
|
||||
| `k3s_datastore_endpoint` | Define the database or etcd cluster endpoint for HA. | _NULL_ |
|
||||
| `k3s_datastore_cafile` | Define the database TLS CA file. | _NULL_ |
|
||||
| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ |
|
||||
| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ |
|
||||
| `k3s_become_for_all` | Enable become for all (where value for `k3s_become_for_*` is _NULL_ | `false` |
|
||||
| `k3s_become_for_systemd` | Enable become for systemd commands. | _NULL_ |
|
||||
| `k3s_become_for_install_dir` | Enable become for writing to `k3s_install_dir`. | _NULL_ |
|
||||
| `k3s_become_for_usr_local_bin` | Enable become for writing to `/usr/local/bin/`. | _NULL_ |
|
||||
| `k3s_become_for_package_install` | Enable become for installing prerequisite packages. | _NULL_ |
|
||||
| `k3s_become_for_kubectl` | Enable become for kubectl commands. | _NULL_ |
|
||||
| `k3s_become_for_uninstall` | Enable become for running uninstall scripts. | _NULL_ |
|
||||
| `k3s_etcd_datastore` | Use Embedded Etcd as the database backend for HA. (EXPERIMENTAL) | `false` |
|
||||
| `k3s_etcd_disable_snapshots` | Disable Etcd snapshots. | `false` |
|
||||
| `k3s_etcd_snapshot_schedule_cron` | Etcd snapshot cron schedule. | "`* */12 * * *`" |
|
||||
| `k3s_etcd_snapshot_retention` | Etcd snapshot retention. | 5 |
|
||||
| `k3s_etcd_snapshot_directory` | Etcd snapshot directory. | `/var/lib/rancher/k3s/server/db/snapshots` |
|
||||
| `k3s_secrets_encryption` | Use secrets encryption at rest. (EXPERIMENTAL) | `false` |
|
||||
| `k3s_debug` | Enable debug logging on the k3s service | `false` |
|
||||
| `k3s_enable_selinux` | Enable SELinux in containerd. (EXPERIMENTAL) | `false` |
|
||||
| `k3s_etcd_datastore` | Enable etcd embedded datastore (EXPERIMENTAL, read notes below). | `false` |
|
||||
| `k3s_debug` | Enable debug logging on the k3s service. | `false` |
|
||||
|
||||
### Ansible Controller Configuration Variables
|
||||
|
||||
The below variables are used to change the way the role executes in Ansible,
|
||||
particularly with regards to privilege escalation.
|
||||
|
||||
| Variable | Description | Default Value |
|
||||
|----------------------------------|---------------------------------------------------------------------|---------------|
|
||||
| `k3s_become_for_all` | Escalate user privileges for all tasks. Overrides all of the below. | `false` |
|
||||
| `k3s_become_for_systemd` | Escalate user privileges for systemd tasks. | NULL |
|
||||
| `k3s_become_for_install_dir` | Escalate user privileges for creating installation directories. | NULL |
|
||||
| `k3s_become_for_usr_local_bin` | Escalate user privileges for writing to `/usr/local/bin`. | NULL |
|
||||
| `k3s_become_for_package_install` | Escalate user privileges for installing k3s. | NULL |
|
||||
| `k3s_become_for_kubectl` | Escalate user privileges for running `kubectl`. | NULL |
|
||||
| `k3s_become_for_uninstall` | Escalate user privileges for uninstalling k3s. | NULL |
|
||||
|
||||
### Server (Control Plane) Configuration
|
||||
|
||||
The control plane is configured with the `k3s_server` dict variable. Please
|
||||
refer to the below documentation for configuration options:
|
||||
|
||||
https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/
|
||||
|
||||
The `k3s_server` dictionary variable will contain flags from the above
|
||||
(removing the `--` prefix). Below is an example:
|
||||
|
||||
```yaml
|
||||
k3s_server:
|
||||
datastore-endpoint: postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable
|
||||
docker: true
|
||||
cluster-cidr: 172.20.0.0/16
|
||||
flannel-backend: 'none' # This needs to be in quotes
|
||||
disable:
|
||||
- traefik
|
||||
- coredns
|
||||
```
|
||||
|
||||
Alternatively, you can create a .yaml file and read it in to the `k3s_server`
|
||||
variable as per the below example:
|
||||
|
||||
```yaml
|
||||
k3s_server: "{{ lookup('file', 'path/to/k3s_server.yml') | from_yaml }}"
|
||||
```
|
||||
|
||||
See examples
|
||||
|
||||
### Agent (Worker) Configuraion
|
||||
|
||||
Workers are configured with the `k3s_agent` dict variable. Please refer to the
|
||||
below documentation for configuration options:
|
||||
|
||||
https://rancher.com/docs/k3s/latest/en/installation/install-options/agent-config
|
||||
|
||||
The `k3s_agent` dictionary variable will contain flags from the above
|
||||
(removing the `--` prefix). Below is an example:
|
||||
|
||||
```yaml
|
||||
k3s_agent:
|
||||
with-node-id: true
|
||||
node-label:
|
||||
- "foo=bar"
|
||||
- "hello=world"
|
||||
```
|
||||
|
||||
Alternatively, you can create a .yaml file and read it in to the `k3s_agent`
|
||||
variable as per the below example:
|
||||
|
||||
```yaml
|
||||
k3s_agent: "{{ lookup('file', 'path/to/k3s_agent.yml') | from_yaml }}"
|
||||
```
|
||||
|
||||
#### Important note about `k3s_release_version`
|
||||
|
||||
|
@ -118,7 +165,7 @@ channel of k3s will be installed. If you are developing against a specific
|
|||
version of k3s you must ensure this is set in your Ansible configuration, eg:
|
||||
|
||||
```yaml
|
||||
k3s_release_version: v1.16.9+k3s1
|
||||
k3s_release_version: v1.19.3+k3s1
|
||||
```
|
||||
|
||||
It is also possible to install specific K3s "Channels", below are some
|
||||
|
@ -128,12 +175,11 @@ examples for `k3s_release_version`:
|
|||
k3s_release_version: false # defaults to 'stable' channel
|
||||
k3s_release_version: stable # latest 'stable' release
|
||||
k3s_release_version: testing # latest 'testing' release
|
||||
k3s_release_version: v1.18 # latest v1.18 release
|
||||
k3s_release_version: v1.17-testing # latest v1.17 testing release
|
||||
k3s_release_version: v1.19.2-k3s1 # specific release
|
||||
k3s_release_version: v1.19 # latest 'v1.19' release
|
||||
k3s_release_version: v1.19.3+k3s3 # specific release
|
||||
|
||||
# specific commit
|
||||
# caution - only used for tesing - must be 40 characters
|
||||
# Specific commit
|
||||
# CAUTION - only used for tesing - must be 40 characters
|
||||
k3s_release_version: 48ed47c4a3e420fa71c18b2ec97f13dc0659778b
|
||||
```
|
||||
|
||||
|
@ -195,66 +241,24 @@ a cluster of 25 nodes. To do this we'd use a playbook similar to the below:
|
|||
- xanmanning.k3s
|
||||
```
|
||||
|
||||
#### Important note about `k3s_non_root`
|
||||
|
||||
To install k3s as non root you must not use `become: true`. The intention of
|
||||
this variable is to run a single node development environment. At the time
|
||||
of release v1.0.1, rootless is still experimental.
|
||||
|
||||
You must also ensure that you set both `k3s_use_experimental`
|
||||
and `k3s_use_unsupported_config` to `true`.
|
||||
|
||||
Additionally `k3s_install_dir` must be writable by your user.
|
||||
|
||||
#### Important notes about `k3s_control_node_address` and `k3s_control_token`
|
||||
|
||||
If you set this, you are explicitly specifying the control host that agents
|
||||
should connect to, the value should be an IP address or FQDN.
|
||||
|
||||
If the control host is not configured by this role, then you need to also
|
||||
specify the `k3s_control_token`.
|
||||
|
||||
Please note that this may potentially break setting up agents.
|
||||
|
||||
### Host Variables
|
||||
|
||||
Below are variables that are set against specific hosts in your inventory.
|
||||
|
||||
| Variable | Description | Default Value |
|
||||
|-----------------------------|----------------------------------------------------------------------------------|------------------------|
|
||||
| `k3s_control_node` | Define the host as a control plane node, (True/False). | `false` |
|
||||
| `k3s_node_name` | Define the name of this node. | `$(hostname)` |
|
||||
| `k3s_node_id` | Define the ID of this node. | _NULL_ |
|
||||
| `k3s_flannel_interface` | Define the flannel proxy interface for this node. | _NULL_ |
|
||||
| `k3s_advertise_address` | Define the advertise address for this node. | _NULL_ |
|
||||
| `k3s_bind_address` | Define the bind address for this node. | localhost |
|
||||
| `k3s_node_ip_address` | IP Address to advertise for this node. | _NULL_ |
|
||||
| `k3s_node_external_address` | External IP Address to advertise for this node. | _NULL_ |
|
||||
| `k3s_node_labels` | List of node labels. | _NULL_ |
|
||||
| `k3s_kubelet_args` | A list of kubelet args to pass to the server. | [] |
|
||||
| `k3s_kube_proxy_args` | A list of kube proxy args to pass to the server. | [] |
|
||||
| `k3s_node_taints` | List of node taints. | _NULL_ |
|
||||
| `k3s_node_data_dir` | Folder to hold state. | `/var/lib/rancher/k3s` |
|
||||
| `k3s_tls_san` | A list of additional hosnames or IPs as Subject Alternate Name in the TLS cert. | [] |
|
||||
|
||||
#### Important note about `k3s_control_node` and High Availability (HA)
|
||||
|
||||
By default only one host will be defined as a control node by Ansible, If you
|
||||
do not set a host as a control node, this role will automatically delegate
|
||||
the first play host as a primary control node. This is not suitable for use in
|
||||
the first play host as a control node. This is not suitable for use within
|
||||
a Production workload.
|
||||
|
||||
If multiple hosts have `k3s_control_node` set to true, you must also set
|
||||
`k3s_datastore_endpoint` as the connection string to a MySQL or PostgreSQL
|
||||
database, or external Etcd cluster else the play will fail.
|
||||
If multiple hosts have `k3s_control_node` set to `true`, you must also set
|
||||
`datastore-endpoint` in `k3s_server` as the connection string to a MySQL or
|
||||
PostgreSQL database, or external Etcd cluster else the play will fail.
|
||||
|
||||
If using TLS, the CA, Certificate and Key need to already be available on
|
||||
the play hosts.
|
||||
|
||||
See: [High Availability with an External DB](https://rancher.com/docs/k3s/latest/en/installation/ha/)
|
||||
|
||||
It is also possible, though not supported, to run a single K3s control node with a
|
||||
`k3s_datastore_endpoint` defined. As this is not a typically supported
|
||||
It is also possible, though not supported, to run a single K3s control node
|
||||
with a `datastore-endpoint` defined. As this is not a typically supported
|
||||
configuration you will need to set `k3s_use_unsupported_config` to `true`.
|
||||
|
||||
Since K3s v1.19.1 it is possible to use Etcd as the backend database, and this
|
||||
|
@ -266,83 +270,29 @@ ensure a majority in the event of a network partition. If you want to use 2
|
|||
members or an even number of members, please set `k3s_use_unsupported_config`
|
||||
to `true`.
|
||||
|
||||
#### Important note about `k3s_flannel_interface`
|
||||
|
||||
If you are running k3s on systems with multiple network interfaces, it is
|
||||
necessary to have the flannel interface on a network interface that is routable
|
||||
to the control plane node(s).
|
||||
|
||||
#### Notes about `_args`, `_labels` and `_taints` variables
|
||||
|
||||
Affected variables:
|
||||
|
||||
- `k3s_kube_apiserver_args`
|
||||
- `k3s_kube_scheduler_args`
|
||||
- `k3s_kube_controller_manager_args`
|
||||
- `k3s_kube_cloud_controller_manager_args`
|
||||
- `k3s_kubelet_args`
|
||||
- `k3s_kube_proxy_args`
|
||||
|
||||
These parameters allow for assigning additional args to K3s during runtime.
|
||||
For instance, to use the Azure Cloud Controller, assign the below to
|
||||
the control node's configuration in your host file.
|
||||
|
||||
**YAML**:
|
||||
|
||||
```yaml
|
||||
k3s_kubelet_args:
|
||||
- cloud-provider: external
|
||||
- provider-id: azure
|
||||
```
|
||||
|
||||
_Note, when using an external cloud controller as above, ensure that the native
|
||||
k3s cloud controller is disabled by setting the_ `k3s_disable_cloud_controller`
|
||||
_to_ `true`.
|
||||
|
||||
Ultimately these variables are lists of key-value pairs that will be iterated
|
||||
on. The below example will output the following:
|
||||
|
||||
**YAML**:
|
||||
|
||||
```yaml
|
||||
k3s_node_labels:
|
||||
- foo: bar
|
||||
- hello: world
|
||||
|
||||
k3s_node_taints:
|
||||
- key1: value1:NoExecute
|
||||
```
|
||||
|
||||
**K3S ARGS**:
|
||||
|
||||
```text
|
||||
--node-label foo=bar \
|
||||
--node-label hello=world \
|
||||
--node-taint key1=value1:NoExecute
|
||||
```
|
||||
|
||||
## Dependencies
|
||||
|
||||
No dependencies on other roles.
|
||||
|
||||
## Example Playbooks
|
||||
|
||||
Example playbook, single control node running v0.10.2:
|
||||
Example playbook, single control node running `testing` channel k3s:
|
||||
|
||||
```yaml
|
||||
- hosts: k3s_nodes
|
||||
roles:
|
||||
- { role: xanmanning.k3s, k3s_release_version: v0.10.2 }
|
||||
- { role: xanmanning.k3s, k3s_release_version: testing }
|
||||
```
|
||||
|
||||
Example playbook, Highly Available running the latest release:
|
||||
Example playbook, Highly Available with PostgreSQL database running the latest
|
||||
stable release:
|
||||
|
||||
```yaml
|
||||
- hosts: k3s_nodes
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_control_node_address: loadbalancer
|
||||
k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
k3s_control_node_address: loadbalancer # Typically a load balancer.
|
||||
k3s_server:
|
||||
datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
||||
|
@ -356,6 +306,15 @@ Example playbook, Highly Available running the latest release:
|
|||
|
||||
[BSD 3-clause](LICENSE.txt)
|
||||
|
||||
## Contributors
|
||||
|
||||
Contributions from the community are very welcome, but please read the
|
||||
[contributing guidelines](CONTRIBUTING.md) before doing so, this will help
|
||||
make things as streamlined as possible.
|
||||
|
||||
Also, please check out the awesome
|
||||
[list of contributors](https://github.com/PyratLabs/ansible-role-k3s/graphs/contributors).
|
||||
|
||||
## Author Information
|
||||
|
||||
[Xan Manning](https://xan.manning.io/)
|
||||
|
|
|
@ -1,13 +1,20 @@
|
|||
---
|
||||
|
||||
# k3s cluster state, options: installed, started, stopped, restarted, uninstalled
|
||||
##
|
||||
# Global/Cluster Configuration
|
||||
##
|
||||
|
||||
# k3s state, options: installed, started, stopped, restarted, uninstalled, validated
|
||||
# (default: installed)
|
||||
k3s_cluster_state: installed
|
||||
k3s_state: installed
|
||||
|
||||
# Use a specific k3s version, if set to "false" we will get the latest
|
||||
# k3s_release_version: v0.1.0
|
||||
# k3s_release_version: v1.19.3
|
||||
k3s_release_version: false
|
||||
|
||||
# Loction of the k3s configuration file
|
||||
k3s_config_file: /etc/rancher/k3s/config.yaml
|
||||
|
||||
# When multiple play_hosts are present, attempt to cluster the nodes.
|
||||
# Using false will create multiple standalone nodes.
|
||||
# (default: true)
|
||||
|
@ -25,10 +32,6 @@ k3s_install_dir: /usr/local/bin
|
|||
# Install using hard links rather than symbolic links
|
||||
k3s_install_hard_links: false
|
||||
|
||||
# Path for additional Kubernetes Manifests
|
||||
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
||||
k3s_server_manifests_dir: /var/lib/rancher/k3s/server/manifests
|
||||
|
||||
# A list of templates used for preconfigure the cluster.
|
||||
k3s_server_manifests_templates: []
|
||||
|
||||
|
@ -38,97 +41,33 @@ k3s_use_experimental: false
|
|||
# Allow for unsupported configurations in k3s?
|
||||
k3s_use_unsupported_config: false
|
||||
|
||||
# Use a database or etcd cluster to enable HA. Examples below:
|
||||
# MySQL:
|
||||
# k3s_datastore_endpoint "mysql://username:password@tcp(hostname:3306)/database-name"
|
||||
# PostgreSQL:
|
||||
# k3s_datastore_endpoint: "postgres://username:password@hostname:port/database-name"
|
||||
# Etcd:
|
||||
# k3s_datastore_endpoint: "https://etcd-host-1:2379,https://etcd-host-2:2379,https://etcd-host-3:2379"
|
||||
k3s_datastore_endpoint: false
|
||||
|
||||
# If using a database endpoint for HA, you can optionally set the CA file,
|
||||
# Cert file and Key file for connecting to the database using TLS.
|
||||
#
|
||||
# These need to already be present on the play hosts.
|
||||
#
|
||||
# k3s_datastore_cafile: /path/to/ca.crt
|
||||
# k3s_datastore_certfile: /path/to/cert.crt
|
||||
# k3s_datastore_keyfile: /path/to/key.pem
|
||||
|
||||
# Use embedded Etcd for HA Datastore? (EXPERIMENTAL)
|
||||
# Enable etcd embedded datastore (EXPERIMENTAL)
|
||||
k3s_etcd_datastore: false
|
||||
|
||||
# Disable Etcd snapshots
|
||||
k3s_etcd_disable_snapshots: false
|
||||
|
||||
# Etcd snapshot cron schedule. Example below is every 12 hours.
|
||||
# k3s_etcd_snapshot_schedule_cron: "* */12 * * *"
|
||||
##
|
||||
# Server Configuration
|
||||
##
|
||||
|
||||
# Etcd snapshot retention
|
||||
# k3s_etcd_snapshot_retention: 5
|
||||
k3s_server: {}
|
||||
# k3s_server:
|
||||
# listen-port: 6443
|
||||
|
||||
# Etcd snapshot directory
|
||||
# k3s_etcd_snapshot_directory: /server/db/snapshots
|
||||
##
|
||||
# Agent Configuration
|
||||
##
|
||||
|
||||
# HTTPS Listening port
|
||||
k3s_https_port: 6443
|
||||
k3s_agent: {}
|
||||
# k3s_agent:
|
||||
# node-label:
|
||||
# - "foo=bar"
|
||||
# - "bish=bosh"
|
||||
|
||||
# Ensure Docker is installed on nodes
|
||||
k3s_use_docker: false
|
||||
##
|
||||
# Ansible Controller configuration
|
||||
##
|
||||
|
||||
# Disable flannel, you will need to install your own CNI driver.
|
||||
k3s_no_flannel: false
|
||||
|
||||
# Flannel backend ('none', 'vxlan', 'ipsec', 'host-gw' or 'wireguard')
|
||||
# k3s_flannel_backend: vxlan
|
||||
|
||||
# Disable CoreDNS, you will need to install your own DNS provider.
|
||||
k3s_no_coredns: false
|
||||
|
||||
# Cluster IP for CoreDNS service. Should be in your service-cidr range.
|
||||
# Use `false` to use default
|
||||
k3s_cluster_dns: false
|
||||
|
||||
# Cluster Domain (default: "cluster.local")
|
||||
# k3s_cluster_domain: cluster.local
|
||||
|
||||
# Disable Traefik
|
||||
k3s_no_traefik: false
|
||||
|
||||
# Disable Service Load Balancer, you will need to install your own
|
||||
# load balancer, such as MetalLB. Must be disabled if using your own
|
||||
# load balancer service.
|
||||
k3s_no_servicelb: false
|
||||
|
||||
# Do not use local storage
|
||||
k3s_no_local_storage: false
|
||||
|
||||
# Do not deploy metrics server
|
||||
k3s_no_metrics_server: false
|
||||
|
||||
# Disable default k3s scheduler
|
||||
k3s_disable_scheduler: false
|
||||
|
||||
# Disable k3s cloud controller
|
||||
k3s_disable_cloud_controller: false
|
||||
|
||||
# Disable k3s network policy controller
|
||||
k3s_disable_network_policy: false
|
||||
|
||||
# Disable k3s default kube proxy.
|
||||
k3s_disable_kube_proxy: false
|
||||
|
||||
# Default local storage path for local provisioner storage class, if set to "false" we will use the default
|
||||
k3s_default_local_storage_path: false
|
||||
|
||||
# Use secret encryption at rest (EXPERIMENTAL)
|
||||
k3s_secrets_encryption: false
|
||||
|
||||
# Enable SELinux in containerd (EXPERIMENTAL)
|
||||
k3s_enable_selinux: false
|
||||
|
||||
# with become privileges for
|
||||
# Use become privileges for
|
||||
k3s_become_for_all: false
|
||||
k3s_become_for_systemd: null
|
||||
k3s_become_for_install_dir: null
|
||||
|
|
|
@ -19,7 +19,7 @@ galaxy_info:
|
|||
# - CC-BY
|
||||
license: BSD
|
||||
|
||||
min_ansible_version: 2.7
|
||||
min_ansible_version: 2.10
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
hosts: node*
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_build_cluster: false
|
||||
k3s_server_manifests_templates:
|
||||
- "molecule/default/templates/00-ns-monitoring.yml.j2"
|
||||
- "molecule/autodeploy/templates/00-ns-monitoring.yml.j2"
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
44
molecule/autodeploy/molecule.yml
Normal file
44
molecule/autodeploy/molecule.yml
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
driver:
|
||||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node2
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node3
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
provisioner:
|
||||
name: ansible
|
||||
options:
|
||||
verbose: true
|
||||
verifier:
|
||||
name: ansible
|
9
molecule/autodeploy/verify.yml
Normal file
9
molecule/autodeploy/verify.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
# This is an example playbook to execute Ansible tests.
|
||||
|
||||
- name: Verify
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Example assertion
|
||||
assert:
|
||||
that: true
|
12
molecule/debug/converge.yml
Normal file
12
molecule/debug/converge.yml
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
pyratlabs_issue_controller_dump: true
|
||||
pre_tasks:
|
||||
- name: Ensure k3s_debug is set
|
||||
set_fact:
|
||||
k3s_debug: true
|
||||
roles:
|
||||
- xanmanning.k3s
|
44
molecule/debug/molecule.yml
Normal file
44
molecule/debug/molecule.yml
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
driver:
|
||||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node2
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node3
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
provisioner:
|
||||
name: ansible
|
||||
options:
|
||||
verbose: true
|
||||
verifier:
|
||||
name: ansible
|
9
molecule/debug/verify.yml
Normal file
9
molecule/debug/verify.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
# This is an example playbook to execute Ansible tests.
|
||||
|
||||
- name: Verify
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Example assertion
|
||||
assert:
|
||||
that: true
|
|
@ -4,7 +4,6 @@
|
|||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: v1.18.6+k3s1
|
||||
k3s_install_hard_links: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
|
@ -6,7 +6,7 @@ driver:
|
|||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint .
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
|
@ -40,6 +40,5 @@ provisioner:
|
|||
name: ansible
|
||||
options:
|
||||
verbose: true
|
||||
playbooks:
|
||||
prepare: ${MOLECULE_PREPARE_PLAYBOOK:-prepare.yml}
|
||||
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
|
||||
verifier:
|
||||
name: ansible
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_use_docker: true
|
||||
k3s_https_port: 26443
|
||||
k3s_cluster_domain: examplecluster.local
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_use_docker: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_no_coredns: true
|
||||
k3s_no_traefik: true
|
||||
k3s_no_servicelb: true
|
||||
k3s_no_flannel: true
|
||||
k3s_no_local_storage: true
|
||||
k3s_default_local_storage_path: false
|
||||
k3s_no_metrics_server: true
|
||||
k3s_disable_scheduler: true
|
||||
k3s_disable_cloud_controller: true
|
||||
k3s_disable_network_policy: true
|
||||
k3s_node_labels:
|
||||
- foo: bar
|
||||
- hello: world
|
||||
k3s_node_taints:
|
||||
- key1: value1:NoExecute
|
||||
k3s_kubelet_args:
|
||||
- cloud-provider: external
|
||||
- provider-id: azure
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
|
@ -5,8 +5,11 @@
|
|||
become_user: k3suser
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_non_root: true
|
||||
k3s_use_experimental: true
|
||||
k3s_server:
|
||||
rootless: true
|
||||
k3s_agent:
|
||||
rootless: true
|
||||
k3s_install_dir: "/home/{{ ansible_user_id }}/bin"
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
|
|
@ -5,6 +5,5 @@
|
|||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_cluster_state: uninstalled
|
||||
k3s_use_docker: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: v0.4.0
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
13
molecule/docker/converge.yml
Normal file
13
molecule/docker/converge.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_server:
|
||||
https-listen-port: 26443
|
||||
cluster-domain: examplecluster.local
|
||||
k3s_agent:
|
||||
docker: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
44
molecule/docker/molecule.yml
Normal file
44
molecule/docker/molecule.yml
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
driver:
|
||||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node2
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node3
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
provisioner:
|
||||
name: ansible
|
||||
options:
|
||||
verbose: true
|
||||
verifier:
|
||||
name: ansible
|
8
molecule/docker/prepare.yml
Normal file
8
molecule/docker/prepare.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
apt:
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: node*
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_control_node_address: loadbalancer
|
||||
k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
k3s_server_manifests_templates:
|
||||
- "molecule/highavailability/templates/00-ns-monitoring.yml.j2"
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
||||
k3s_control_node: true
|
||||
when: inventory_hostname in ['node2', 'node3']
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: node*
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: v1.18
|
||||
k3s_dqlite_datastore: true
|
||||
k3s_secrets_encryption: true
|
||||
k3s_use_experimental: true
|
||||
k3s_use_unsupported_config: true
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
||||
k3s_control_node: true
|
||||
when: inventory_hostname in ['node2', 'node3']
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
|
@ -1,4 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: monitoring
|
|
@ -1,11 +1,13 @@
|
|||
---
|
||||
|
||||
- name: Converge
|
||||
hosts: node*
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_control_node_address: loadbalancer
|
||||
k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
k3s_server:
|
||||
datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
|
@ -6,7 +6,7 @@ driver:
|
|||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint .
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
|
@ -55,6 +55,3 @@ provisioner:
|
|||
name: ansible
|
||||
options:
|
||||
verbose: true
|
||||
playbooks:
|
||||
prepare: ${MOLECULE_PREPARE_PLAYBOOK:-prepare.yml}
|
||||
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
|
|
@ -1,13 +1,14 @@
|
|||
---
|
||||
|
||||
- name: Converge
|
||||
hosts: node*
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: v1.19
|
||||
k3s_etcd_datastore: true
|
||||
k3s_secrets_encryption: true
|
||||
k3s_use_experimental: true
|
||||
k3s_etcd_datastore: true
|
||||
k3s_server:
|
||||
secrets-encryption: true
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
13
molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2
Normal file
13
molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2
Normal file
|
@ -0,0 +1,13 @@
|
|||
frontend loadbalancer
|
||||
bind *:6443
|
||||
mode tcp
|
||||
default_backend control_nodes
|
||||
timeout client 1m
|
||||
|
||||
backend control_nodes
|
||||
mode tcp
|
||||
balance roundrobin
|
||||
server node2 node2:6443
|
||||
server node3 node3:6443
|
||||
timeout connect 30s
|
||||
timeout server 30m
|
49
molecule/highavailabilityetcd/molecule.yml
Normal file
49
molecule/highavailabilityetcd/molecule.yml
Normal file
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
driver:
|
||||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node2
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node3
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: loadbalancer
|
||||
image: geerlingguy/docker-centos8-ansible:latest
|
||||
pre_build_image: true
|
||||
ports:
|
||||
- "6443:6443"
|
||||
networks:
|
||||
- name: k3snet
|
||||
provisioner:
|
||||
name: ansible
|
||||
options:
|
||||
verbose: true
|
30
molecule/highavailabilityetcd/prepare.yml
Normal file
30
molecule/highavailabilityetcd/prepare.yml
Normal file
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: loadbalancer
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
apt:
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Ensure HAProxy is installed
|
||||
package:
|
||||
name: haproxy
|
||||
state: present
|
||||
|
||||
- name: Ensure HAProxy config directory exists
|
||||
file:
|
||||
path: /usr/local/etc/haproxy
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure HAProxy is configured
|
||||
template:
|
||||
src: haproxy-loadbalancer.conf.j2
|
||||
dest: /usr/local/etc/haproxy/haproxy.cfg
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure HAProxy service is started
|
||||
command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
|
||||
args:
|
||||
creates: /var/run/haproxy.pid
|
10
molecule/nodeploy/converge.yml
Normal file
10
molecule/nodeploy/converge.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_server: "{{ lookup('file', 'k3s_server.yml') | from_yaml }}"
|
||||
k3s_agent: "{{ lookup('file', 'k3s_agent.yml') | from_yaml }}"
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
8
molecule/nodeploy/k3s_agent.yml
Normal file
8
molecule/nodeploy/k3s_agent.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
|
||||
node-label:
|
||||
- "foo=bar"
|
||||
- "hello=world"
|
||||
kubelet-arg:
|
||||
- "cloud-provider=external"
|
||||
- "provider-id=azure"
|
14
molecule/nodeploy/k3s_server.yml
Normal file
14
molecule/nodeploy/k3s_server.yml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
|
||||
flannel-backend: 'host-gw'
|
||||
disable-scheduler: true
|
||||
disable-cloud-controller: true
|
||||
disable-network-policy: true
|
||||
disable:
|
||||
- coredns
|
||||
- traefik
|
||||
- servicelb
|
||||
- local-storage
|
||||
- metrics-server
|
||||
node-taint:
|
||||
- "k3s-controlplane=true:NoExecute"
|
44
molecule/nodeploy/molecule.yml
Normal file
44
molecule/nodeploy/molecule.yml
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
driver:
|
||||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint -s .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: node1
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node2
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
- name: node3
|
||||
image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
privileged: true
|
||||
pre_build_image: ${MOLECULE_PREBUILT:-true}
|
||||
networks:
|
||||
- name: k3snet
|
||||
provisioner:
|
||||
name: ansible
|
||||
options:
|
||||
verbose: true
|
||||
verifier:
|
||||
name: ansible
|
9
molecule/nodeploy/verify.yml
Normal file
9
molecule/nodeploy/verify.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
# This is an example playbook to execute Ansible tests.
|
||||
|
||||
- name: Verify
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Example assertion
|
||||
assert:
|
||||
that: true
|
6
molecule/requirements.txt
Normal file
6
molecule/requirements.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
-r ../requirements.txt
|
||||
|
||||
molecule[docker]>=3.1.2
|
||||
docker>=4.3.1
|
||||
yamllint>=1.25.0
|
||||
ansible-lint>=4.3.5
|
2
requirements.txt
Normal file
2
requirements.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
jmespath>=0.10.0
|
||||
ansible>=2.10.3
|
|
@ -31,7 +31,7 @@
|
|||
src: cluster-token.j2
|
||||
dest: "{{ k3s_token_location }}/cluster-token"
|
||||
mode: 0600
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
when: (k3s_control_node and not k3s_primary_control_node)
|
||||
or not k3s_control_node
|
||||
notify:
|
||||
|
@ -47,6 +47,16 @@
|
|||
- reload systemd
|
||||
- restart k3s
|
||||
|
||||
- name: Ensure k3s config file exists
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure secondary controllers are started
|
||||
service:
|
||||
name: k3s
|
||||
|
@ -59,25 +69,10 @@
|
|||
when: k3s_control_node and not k3s_primary_control_node
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Wait for control plane to be ready to accept connections
|
||||
wait_for:
|
||||
port: "{{ k3s_https_port }}"
|
||||
host: "{{ k3s_bind_address | default('127.0.0.1') }}"
|
||||
delay: 5
|
||||
sleep: 5
|
||||
timeout: 300
|
||||
when: k3s_control_node
|
||||
- import_tasks: ../validate/check-control-plane.yml
|
||||
when: not k3s_skip_validation
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Wait for all nodes to be ready
|
||||
command: "{{ k3s_install_dir }}/kubectl get nodes"
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: kubectl_get_nodes_result
|
||||
until: kubectl_get_nodes_result.rc == 0
|
||||
and kubectl_get_nodes_result.stdout.find("NotReady") == -1
|
||||
retries: 30
|
||||
delay: 20
|
||||
when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode
|
||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||
- import_tasks: ../validate/check-cluster-nodes-ready.yml
|
||||
when: not k3s_skip_validation
|
||||
|
|
|
@ -14,5 +14,3 @@
|
|||
notify:
|
||||
- restart docker
|
||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
52
tasks/build/install-k3s-node.yml
Normal file
52
tasks/build/install-k3s-node.yml
Normal file
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s is linked into the installation destination
|
||||
file:
|
||||
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||
dest: "{{ k3s_install_dir }}/{{ item }}"
|
||||
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
|
||||
force: "{{ k3s_install_hard_links }}"
|
||||
mode: 0755
|
||||
loop:
|
||||
- k3s
|
||||
- kubectl
|
||||
- crictl
|
||||
- ctr
|
||||
when: not ansible_check_mode
|
||||
notify:
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s config file exists
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s service unit file is present
|
||||
template:
|
||||
src: k3s.service.j2
|
||||
dest: "{{ k3s_systemd_unit_directory }}/k3s.service"
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s killall script is present
|
||||
template:
|
||||
src: k3s-killall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-killall.sh"
|
||||
mode: 0700
|
||||
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s uninstall script is present
|
||||
template:
|
||||
src: k3s-uninstall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-uninstall.sh"
|
||||
mode: 0700
|
||||
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
|
|
@ -1,21 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s is linked into the installation destination on the contol plane
|
||||
- name: Ensure config directory exists
|
||||
file:
|
||||
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||
dest: "{{ k3s_install_dir }}/{{ item }}"
|
||||
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
|
||||
force: "{{ k3s_install_hard_links }}"
|
||||
path: "{{ k3s_config_file | dirname }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
loop:
|
||||
- k3s
|
||||
- kubectl
|
||||
- crictl
|
||||
- ctr
|
||||
when: ((k3s_control_node and k3s_controller_count | length == 1)
|
||||
or (k3s_primary_control_node and k3s_controller_count | length > 1)) and not ansible_check_mode
|
||||
notify:
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure systemd unit file directory exists
|
||||
|
@ -23,51 +12,16 @@
|
|||
path: "{{ k3s_systemd_unit_directory }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure k3s service unit file is present on control plane
|
||||
template:
|
||||
src: k3s.service.j2
|
||||
dest: "{{ k3s_systemd_unit_directory }}/k3s.service"
|
||||
mode: 0644
|
||||
when: (k3s_control_node and k3s_controller_count | length == 1)
|
||||
or (k3s_primary_control_node and k3s_controller_count | length > 1)
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- include_tasks: install-k3s-node.yml
|
||||
when: ((k3s_control_node and k3s_controller_count | length == 1)
|
||||
or (k3s_primary_control_node and k3s_controller_count | length > 1)) and not ansible_check_mode
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Ensure k3s killall script is present on all nodes
|
||||
template:
|
||||
src: k3s-killall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-killall.sh"
|
||||
mode: 0700
|
||||
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s uninstall script is present on all nodes
|
||||
template:
|
||||
src: k3s-uninstall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-uninstall.sh"
|
||||
mode: 0700
|
||||
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s is linked into the installation destinations across all nodes
|
||||
file:
|
||||
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||
dest: "{{ k3s_install_dir }}/{{ item }}"
|
||||
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
|
||||
force: "{{ k3s_install_hard_links }}"
|
||||
mode: 0755
|
||||
notify:
|
||||
- restart k3s
|
||||
loop:
|
||||
- k3s
|
||||
- kubectl
|
||||
- crictl
|
||||
- ctr
|
||||
when: not ansible_check_mode
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
- include_tasks: install-k3s-node.yml
|
||||
when: k3s_build_cluster
|
||||
|
||||
- name: Ensure k3s control plane is started
|
||||
systemd:
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
k3s_control_node: "{{ 'false' if k3s_build_cluster else 'true' }}"
|
||||
when: k3s_control_node is not defined
|
||||
|
||||
- name: Ensure k3s control node fact is set
|
||||
- name: Ensure k3s primary control node fact is set
|
||||
set_fact:
|
||||
k3s_primary_control_node: "{{ 'false' if k3s_build_cluster else 'true' }}"
|
||||
when: k3s_primary_control_node is not defined
|
||||
|
@ -52,7 +52,7 @@
|
|||
check_mode: false
|
||||
when: hostvars[item].k3s_control_node is defined
|
||||
|
||||
- name: Delegate a primary control plane node
|
||||
- name: Delegate a control plane node
|
||||
block:
|
||||
- name: Lookup control node from file
|
||||
command: "grep '{{ 'P_True' if (k3s_controller_count | length > 1) else 'C_True' }}' /tmp/inventory.txt"
|
||||
|
@ -74,3 +74,15 @@
|
|||
|
||||
when: k3s_control_node_address is not defined
|
||||
or k3s_control_delegate is not defined
|
||||
|
||||
- name: Ensure k3s_runtime_config is set for control plane
|
||||
set_fact:
|
||||
k3s_runtime_config: "{{ (k3s_server | default({})) | combine((k3s_agent | default({}))) }}"
|
||||
when: (k3s_server is defined or k3s_agent is defined)
|
||||
and (k3s_control_node is defined and k3s_control_node)
|
||||
|
||||
- name: Ensure k3s_runtime_config is set for agents
|
||||
set_fact:
|
||||
k3s_runtime_config: "{{ (k3s_agent | default({})) }}"
|
||||
when: k3s_agent is defined
|
||||
and (k3s_control_node is not defined or not k3s_control_node)
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Check to see if k3s_cluster_state is a supported value
|
||||
assert:
|
||||
that:
|
||||
- k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded', 'uninstalled']
|
||||
fail_msg: "k3s_cluster_state not valid. Check README.md for details."
|
||||
success_msg: "k3s_cluster_state is valid."
|
||||
when: k3s_cluster_state is defined
|
||||
- import_tasks: validate/pre-flight.yml
|
||||
|
||||
- include_tasks: state-{{ (k3s_cluster_state | lower) | default('installed') }}.yml
|
||||
- include_tasks: state-{{ (k3s_state | lower) | default('installed') }}.yml
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
---
|
||||
|
||||
- import_tasks: validate/check-environment.yml
|
||||
when: not k3s_skip_validation
|
||||
|
||||
- import_tasks: build/preconfigure-k3s.yml
|
||||
|
||||
- import_tasks: teardown/drain-and-remove-nodes.yml
|
||||
|
@ -17,19 +14,21 @@
|
|||
|
||||
- import_tasks: build/get-systemd-context.yml
|
||||
|
||||
- name: Ensure docker installation tasks are run
|
||||
block:
|
||||
|
||||
- include_tasks: build/install-docker-prerequisites-{{ ansible_os_family | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
|
||||
- import_tasks: build/install-docker.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
- include_tasks: build/install-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- import_tasks: build/download-k3s.yml
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
|
||||
- import_tasks: operate/stop-k3s.yml
|
||||
|
||||
- import_tasks: operate/start-k3s.yml
|
||||
|
|
|
@ -6,19 +6,19 @@
|
|||
|
||||
- import_tasks: teardown/uninstall-k3s.yml
|
||||
|
||||
- name: Ensure docker uninstall tasks are run
|
||||
block:
|
||||
|
||||
- import_tasks: teardown/uninstall-docker.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
|
||||
when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
|
||||
|
||||
- import_tasks: validate/check-uninstalled.yml
|
||||
when: not k3s_skip_validation
|
||||
|
|
7
tasks/state-validated.yml
Normal file
7
tasks/state-validated.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
- import_tasks: validate/pre-flight.yml
|
||||
|
||||
- import_tasks: validate/main.yml
|
||||
|
||||
- import_tasks: validate/post-install.yml
|
|
@ -34,4 +34,5 @@
|
|||
|
||||
- name: Clean up Docker
|
||||
command: docker system prune -a --force
|
||||
when: k3s_use_docker and check_k3s_docker_path.rc == 0
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
and check_k3s_docker_path.rc == 0
|
||||
|
|
17
tasks/validate/check-cluster-nodes-ready.yml
Normal file
17
tasks/validate/check-cluster-nodes-ready.yml
Normal file
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
|
||||
- name: Check that all nodes to be ready
|
||||
command: "{{ k3s_install_dir }}/kubectl get nodes"
|
||||
changed_when: false
|
||||
failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or
|
||||
kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1
|
||||
register: kubectl_get_nodes_result
|
||||
until: kubectl_get_nodes_result.rc == 0
|
||||
and kubectl_get_nodes_result.stdout.find("NotReady") == -1
|
||||
retries: 30
|
||||
delay: 20
|
||||
when: k3s_control_node
|
||||
and (("disable" not in k3s_runtime_config)
|
||||
or ("disable" in k3s_runtime_config and "flannel" not in k3s_runtime_config.disable))
|
||||
and not ansible_check_mode
|
||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
|
@ -4,24 +4,24 @@
|
|||
assert:
|
||||
that:
|
||||
- (k3s_controller_count | length == 1)
|
||||
and (k3s_datastore_endpoint is not defined or not k3s_datastore_endpoint)
|
||||
and (k3s_dqlite_datastore is not defined or not k3s_dqlite_datastore)
|
||||
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint'])
|
||||
and (k3s_etcd_datastore is not defined or not k3s_etcd_datastore)
|
||||
success_msg: "Control plane configuration is valid."
|
||||
fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md."
|
||||
when: k3s_controller_count | length == 1
|
||||
and not k3s_use_unsupported_config
|
||||
and k3s_control_node
|
||||
|
||||
- name: Check the conditions when multiple controllers are defined
|
||||
assert:
|
||||
that:
|
||||
- (k3s_controller_count | length >= 2)
|
||||
and ((k3s_datastore_endpoint is defined and k3s_datastore_endpoint)
|
||||
or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
|
||||
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint'])
|
||||
or (k3s_etcd_datastore is defined and k3s_etcd_datastore))
|
||||
success_msg: "Control plane configuration is valid."
|
||||
fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md."
|
||||
when: k3s_controller_count | length >= 2
|
||||
and k3s_control_node
|
||||
|
||||
- name: Check the conditions when embedded etcd is defined
|
||||
assert:
|
||||
|
@ -30,4 +30,7 @@
|
|||
and (((k3s_controller_count | length) % 2) == 1)
|
||||
success_msg: "Control plane configuration is valid."
|
||||
fail_msg: "Etcd should have a minimum of 3 defined members and the number of members should be odd. Please see notes about HA in README.md"
|
||||
when: k3s_etcd_datastore and not k3s_use_unsupported_config
|
||||
when: k3s_etcd_datastore is defined
|
||||
and k3s_etcd_datastore
|
||||
and not k3s_use_unsupported_config
|
||||
and k3s_control_node
|
10
tasks/validate/check-control-plane.yml
Normal file
10
tasks/validate/check-control-plane.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Check that the control plane to is available to accept connections
|
||||
wait_for:
|
||||
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
|
||||
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
|
||||
delay: 5
|
||||
sleep: 5
|
||||
timeout: 300
|
||||
when: k3s_control_node
|
|
@ -6,19 +6,16 @@
|
|||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
success_msg: "Experimental variables are defined and enabled."
|
||||
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
|
||||
when: (k3s_non_root is defined and k3s_non_root)
|
||||
or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
|
||||
or (k3s_etcd_datastore is defined and k3s_etcd_datastore)
|
||||
or (k3s_secrets_encryption is defined and k3s_secrets_encryption)
|
||||
or (k3s_enable_selinux is defined and k3s_enable_selinux)
|
||||
loop: "{{ k3s_experimental_config }}"
|
||||
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
|
||||
|
||||
- name: Check if experimental dqlite is being used and k3s_use_unsupported_config is configured
|
||||
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
||||
assert:
|
||||
that:
|
||||
- k3s_use_unsupported_config is defined and k3s_use_unsupported_config
|
||||
success_msg: "Unsupported use of dqlite backend is enabled."
|
||||
fail_msg: |
|
||||
Embedded DQLite is no longer supported and there is no upgrade path to use Etcd!
|
||||
If you're sure you want to use it set k3s_use_unsupported_config. This will break in v1.19!
|
||||
when: k3s_use_experimental
|
||||
and (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
|
||||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
success_msg: "Experimental variables are defined and enabled."
|
||||
fail_msg: "Experimental variable {{ item.setting }} has been configured. If you want to use this ensure you set k3s_use_experimental"
|
||||
loop: "{{ k3s_experimental_config }}"
|
||||
when: (item.setting in k3s_runtime_config and k3s_runtime_config[item.setting])
|
||||
and ((item.until is not defined) or
|
||||
(item.until is defined and (k3s_release_version | replace('v', '')) is version_compare(item.until, '<')))
|
||||
|
|
|
@ -16,12 +16,12 @@
|
|||
ignore_errors: true
|
||||
changed_when: false
|
||||
register: check_k3s_docker_process
|
||||
when: k3s_use_docker is defined and k3s_use_docker
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
||||
- name: Fail if docker is still running
|
||||
fail:
|
||||
msg: docker is still running, uninstall script failed. Please investigate.
|
||||
when: k3s_use_docker is defined and k3s_use_docker and check_k3s_docker_process.rc == 0
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
||||
- name: Fail if k3s binaries have not been removed
|
||||
stat:
|
||||
|
|
|
@ -1,288 +1,26 @@
|
|||
---
|
||||
|
||||
- name: Check k3s_no_flannel against k3s version
|
||||
- name: "Check that k3s_release_version >= {{ k3s_min_version }}"
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--no-flannel is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--no-flannel is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_no_flannel is defined and k3s_no_flannel
|
||||
- (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
|
||||
success_msg: "{{ k3s_release_version }} is supported by this role."
|
||||
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
|
||||
|
||||
- name: Check k3s_service_cidr against k3s version
|
||||
- name: Check configuration in k3s_server and k3s_agent that needs special configuration.
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--service-cidr is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--service-cidr is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_service_cidr is defined
|
||||
- (item.setting not in k3s_runtime_config)
|
||||
success_msg: "{{ item.setting }} not found in server/agent config"
|
||||
fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option."
|
||||
loop: "{{ k3s_config_exclude }}"
|
||||
|
||||
- name: Check k3s_cluster_dns against k3s version
|
||||
- name: Check configuration in k3s_server and k3s_agent against release version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--cluster-dns is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-dns is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_cluster_dns is defined and k3s_cluster_dns
|
||||
|
||||
- name: Check k3s_use_docker against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--docker is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--docker is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_use_docker is defined and k3s_use_docker
|
||||
|
||||
- name: Check k3s_no_traefik against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--no-deploy traefik is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--no-deploy traefik is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_no_traefik is defined and k3s_no_traefik
|
||||
|
||||
- name: Check k3s_non_root against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
- ansible_user_id != "root"
|
||||
- play_hosts | length == 1
|
||||
success_msg: "k3s_non_root is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "k3s_non_root only works in >= v0.4.0, on a single node and must not be installed as root."
|
||||
when: k3s_non_root is defined and k3s_non_root
|
||||
|
||||
- name: Check k3s_resolv_conf against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=')
|
||||
success_msg: "--resolv-conf is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--resolv-conf is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_resolv_conf is defined and k3s_resolv_conf
|
||||
|
||||
- name: Check k3s_tls_san against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=')
|
||||
success_msg: "--tls-san is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--tls-san is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_tls_san is defined and k3s_tls_san
|
||||
|
||||
- name: Check k3s_flannel_interface against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "--flannel-iface is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--flannel-iface is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_flannel_interface is defined and k3s_flannel_interface
|
||||
|
||||
- name: Check k3s_cluster_domain against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "--cluster-domain is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-domain is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_cluster_domain is defined and k3s_cluster_domain
|
||||
|
||||
- name: Check k3s_bind_address against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "--bind-address is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--bind-address is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_bind_address is defined and k3s_bind_address
|
||||
|
||||
- name: Check k3s_bind_address against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.5.0', '>=')
|
||||
success_msg: "Auto deploy manifests is supported in {{ k3s_release_version }}"
|
||||
fail_msg: |
|
||||
Auto deploy manifests supported is limited in {{ k3s_release_version }}.
|
||||
To disable this message ensure k3s_use_experimental is set to true.
|
||||
when: k3s_server_manifests_templates is defined
|
||||
and k3s_server_manifests_templates | length > 0
|
||||
and (k3s_use_experimental is not defined or not k3s_use_experimental)
|
||||
|
||||
- name: Check k3s_node_labels against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=')
|
||||
success_msg: "Node Labels supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Node Labels are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_node_labels is defined and k3s_node_labels
|
||||
|
||||
- name: Check k3s_node_taints against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=')
|
||||
success_msg: "Node Taints supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Node Taints are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_node_taints is defined and k3s_node_taints
|
||||
|
||||
- name: Check k3s_kubelet_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kubelet args supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kubelet args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kubelet_args is defined and k3s_kubelet_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_proxy_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube proxy args supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube proxy args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_proxy_args is defined and k3s_kube_proxy_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_apiserver_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube API Server supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube API Server args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_scheduler_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube Scheduler supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube Scheduler args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_controller_manager_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube Controller Manager supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube Controller Manager args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_cloud_controller_manager_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "Kube Cloud Controller Manager supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube Cloud Controller Manager args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args | length > 0
|
||||
|
||||
- name: Check k3s_flannel_backend against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
|
||||
success_msg: "Alternate flannel backends supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Alternate flannel backends are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_flannel_backend is defined and k3s_flannel_backend
|
||||
|
||||
- name: Check k3s_flannel_backend 'host-gw' configuration against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.17.2', '>=')
|
||||
success_msg: "host-gw flannel backend supported in {{ k3s_release_version }}"
|
||||
fail_msg: "host-gw flannel backend is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_flannel_backend is defined and k3s_flannel_backend == 'host-gw'
|
||||
|
||||
- name: Check k3s_disable_network_policy against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
|
||||
success_msg: "--disable-network-policy supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--disable-network-policy not supported in {{ k3s_release_version }}"
|
||||
when: k3s_disable_network_policy is defined and k3s_disable_network_policy
|
||||
|
||||
- name: Check k3s_private_registry against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
|
||||
success_msg: "--private-registry supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--private-registry not supported in {{ k3s_release_version }}"
|
||||
when: k3s_private_registry is defined and k3s_private_registry
|
||||
|
||||
- name: Check k3s_disable_cloud_controller against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--disable-cloud-controller supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--disable-cloud-controller not supported in {{ k3s_release_version }}"
|
||||
when: k3s_disable_cloud_controller is defined and k3s_disable_cloud_controller
|
||||
|
||||
- name: Check k3s_disable_scheduler against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--disable-scheduler supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--disable-scheduler not supported in {{ k3s_release_version }}"
|
||||
when: k3s_disable_scheduler is defined and k3s_disable_scheduler
|
||||
|
||||
- name: Check k3s_datastore_endpoint against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_endpoint is defined and k3s_datastore_endpoint
|
||||
|
||||
- name: Check k3s_dqlite_datastore against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '<')
|
||||
success_msg: "--cluster-init (dqlite) supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-init (dqlite) not supported in {{ k3s_release_version }}"
|
||||
when: k3s_dqlite_datastore is defined and k3s_dqlite_datastore
|
||||
|
||||
- name: Check k3s_etcd_datastore against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.19.1', '>=')
|
||||
success_msg: "--cluster-init (etcd) supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-init (etcd) not supported in {{ k3s_release_version }}"
|
||||
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
|
||||
|
||||
- name: Check k3s_datastore_cafile against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_cafile is defined and k3s_datastore_cafile
|
||||
|
||||
- name: Check k3s_datastore_certfile against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_certfile is defined and k3s_datastore_certfile
|
||||
|
||||
- name: Check k3s_datastore_keyfile against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_keyfile is defined and k3s_datastore_keyfile
|
||||
|
||||
- name: Check k3s_default_local_storage_path against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "Local storage path supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Local storage path are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_default_local_storage_path is defined and k3s_default_local_storage_path
|
||||
|
||||
- name: Check k3s_secrets_encryption against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=')
|
||||
success_msg: "Secrets encryption at rest supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Secrets encryption at rest is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_secrets_encryption is defined and k3s_secrets_encryption
|
||||
|
||||
- name: Check k3s_enable_selinux against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=')
|
||||
success_msg: "SELinux supported in {{ k3s_release_version }}"
|
||||
fail_msg: "SELinux is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_enable_selinux is defined and k3s_enable_selinux
|
||||
- (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=')
|
||||
success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}"
|
||||
fail_msg: "{{ item.setting }} is not supported in {{ k3s_release_version }}. Please update to v{{ item.version }} to use this option."
|
||||
loop: "{{ k3s_config_version_check }}"
|
||||
when: k3s_config_version_check is defined
|
||||
and item.setting in k3s_runtime_config
|
||||
|
|
5
tasks/validate/generate-check-config.yml
Normal file
5
tasks/validate/generate-check-config.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s_runtime_config is set for validation
|
||||
set_fact:
|
||||
k3s_runtime_config: "{{ (k3s_server | default({})) | combine (k3s_agent | default({})) }}"
|
65
tasks/validate/issue-data.yml
Normal file
65
tasks/validate/issue-data.yml
Normal file
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
|
||||
- name: Ensure facts are gathered
|
||||
ansible.builtin.setup:
|
||||
|
||||
- name: Ensure Ansible version is captured
|
||||
command: ansible --version
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
register: check_ansible_version
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
become: false
|
||||
|
||||
- name: Ensure Ansible config is captured
|
||||
command: ansible-config dump --only-changed
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
register: check_ansible_config
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
become: false
|
||||
|
||||
- name: Ensure facts are written to disk
|
||||
ansible.builtin.copy:
|
||||
dest: pyratlabs-issue-dump.txt
|
||||
content: |
|
||||
# Begin ANSIBLE VERSION
|
||||
{{ check_ansible_version.stdout }}
|
||||
# End ANSIBLE VERSION
|
||||
|
||||
# Begin ANSIBLE CONFIG
|
||||
{{ check_ansible_config.stdout }}
|
||||
# End ANSIBLE CONFIG
|
||||
|
||||
# Begin PLAY HOSTS
|
||||
{{ play_hosts | to_json }}
|
||||
# End PLAY HOSTS
|
||||
|
||||
# Begin K3S ROLE CONFIG
|
||||
{% for host in play_hosts %}
|
||||
## {{ host }}
|
||||
{% for config_key in hostvars[host] | to_json | from_json | json_query('keys(@)[?starts_with(@, `k3s_`)]') %}
|
||||
{{ config_key }}: {{ hostvars[host][config_key] | to_json }}
|
||||
{% endfor %}
|
||||
|
||||
{% endfor %}
|
||||
# End K3S ROLE CONFIG
|
||||
|
||||
# Begin K3S RUNTIME CONFIG
|
||||
{% for host in play_hosts %}
|
||||
## {{ host }}
|
||||
{{ hostvars[host].k3s_runtime_config }}
|
||||
{% endfor %}
|
||||
# End K3S RUNTIME CONFIG
|
||||
mode: 0600
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
become: false
|
||||
|
||||
- name: Fail the play
|
||||
ansible.builtin.fail:
|
||||
msg: Please include the output of pyrat-issue-dump.txt in your bug report.
|
||||
delegate_to: localhost
|
||||
run_once: true
|
|
@ -1,10 +1,13 @@
|
|||
---
|
||||
|
||||
- import_tasks: check-variables.yml
|
||||
|
||||
- import_tasks: check-experimental-variables.yml
|
||||
|
||||
- import_tasks: check-unsupported-rootless.yml
|
||||
when: k3s_non_root is defined
|
||||
and k3s_non_root
|
||||
when: ("rootless" in k3s_runtime_config)
|
||||
and k3s_runtime_config.rootless
|
||||
and k3s_use_unsupported_config
|
||||
- import_tasks: check-controller-count.yml
|
||||
|
||||
- import_tasks: check-control-count.yml
|
||||
when: k3s_build_cluster is defined and k3s_build_cluster
|
||||
|
|
5
tasks/validate/post-install.yml
Normal file
5
tasks/validate/post-install.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
- import_tasks: check-control-plane.yml
|
||||
|
||||
- import_tasks: check-cluster-nodes-ready.yml
|
17
tasks/validate/pre-flight.yml
Normal file
17
tasks/validate/pre-flight.yml
Normal file
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
|
||||
- name: Check to see if k3s_state is a supported value
|
||||
assert:
|
||||
that:
|
||||
- k3s_state in k3s_valid_states
|
||||
fail_msg: "k3s_state not valid. Check README.md for details."
|
||||
success_msg: "k3s_state is valid."
|
||||
when: k3s_state is defined
|
||||
|
||||
- import_tasks: generate-check-config.yml
|
||||
|
||||
- import_tasks: check-environment.yml
|
||||
when: not k3s_skip_validation
|
||||
|
||||
- include_tasks: issue-data.yml
|
||||
when: pyratlabs_issue_controller_dump is defined and pyratlabs_issue_controller_dump
|
8
templates/config.yaml.j2
Normal file
8
templates/config.yaml.j2
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
|
||||
{% if k3s_etcd_datastore and (k3s_control_node is defined and k3s_control_node) and (k3s_primary_control_node is defined and k3s_primary_control_node) %}
|
||||
cluster-init: true
|
||||
{% endif %}
|
||||
{% if k3s_runtime_config is defined and k3s_runtime_config | length > 0 %}
|
||||
{{ k3s_runtime_config | to_nice_yaml(indent=2) }}
|
||||
{% endif %}
|
|
@ -62,7 +62,7 @@ do_unmount() {
|
|||
}
|
||||
|
||||
do_unmount '/run/k3s'
|
||||
do_unmount '{{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}'
|
||||
do_unmount '{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}'
|
||||
do_unmount '/var/lib/kubelet/pods'
|
||||
do_unmount '/run/netns/cni-'
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ for bin in {{ k3s_install_dir }}/k3s*; do
|
|||
done
|
||||
|
||||
[ -d /etc/rancher/k3s ] && rm -rf /etc/rancher/k3s
|
||||
[ -d {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}
|
||||
[ -d {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}
|
||||
[ -d /var/lib/kubelet ] && rm -rf /var/lib/kubelet
|
||||
|
||||
[ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh
|
||||
|
|
|
@ -16,194 +16,20 @@ ExecStart={{ k3s_install_dir }}/k3s
|
|||
{% endif %}
|
||||
{% if k3s_control_node %}
|
||||
server
|
||||
{% if k3s_bind_address is defined %}
|
||||
--bind-address {{ k3s_bind_address }}
|
||||
{% endif %}
|
||||
{% if k3s_advertise_address is defined %}
|
||||
--advertise-address {{ k3s_advertise_address }}
|
||||
{% endif %}
|
||||
{% if k3s_non_root is defined and k3s_non_root %}
|
||||
--rootless
|
||||
{% endif %}
|
||||
{% if k3s_https_port != 6443 %}
|
||||
--https-listen-port {{ k3s_https_port }}
|
||||
{% endif %}
|
||||
{% if k3s_disable_scheduler %}
|
||||
--disable-scheduler
|
||||
{% endif %}
|
||||
{% if k3s_disable_cloud_controller %}
|
||||
--disable-cloud-controller
|
||||
{% endif %}
|
||||
{% if k3s_disable_network_policy %}
|
||||
--disable-network-policy
|
||||
{% endif %}
|
||||
{% if k3s_disable_kube_proxy %}
|
||||
--disable-kube-proxy
|
||||
{% endif %}
|
||||
{% if k3s_no_flannel %}
|
||||
{% if (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') %}
|
||||
--flannel-backend none
|
||||
{% else %}
|
||||
--no-flannel
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if k3s_cluster_cidr is defined %}
|
||||
--cluster-cidr {{ k3s_cluster_cidr }}
|
||||
{% endif %}
|
||||
{% if k3s_service_cidr is defined %}
|
||||
--service-cidr {{ k3s_service_cidr }}
|
||||
{% endif %}
|
||||
{% if k3s_flannel_backend is defined and not k3s_no_flannel %}
|
||||
--flannel-backend {{ k3s_flannel_backend }}
|
||||
{% endif %}
|
||||
{% if k3s_private_registry is defined and k3s_private_registry %}
|
||||
--private-registry {{ k3s_private_registry }}
|
||||
{% endif %}
|
||||
{{ ' --disable coredns' if k3s_no_coredns else '' }}{{ ' --disable servicelb' if k3s_no_servicelb else '' }}{{ ' --disable traefik' if k3s_no_traefik else '' }}{{ ' --disable local-storage' if k3s_no_local_storage else '' }}{{ ' --disable metrics-server' if k3s_no_metrics_server else '' }}
|
||||
{% if not k3s_no_local_storage and k3s_default_local_storage_path is defined and k3s_default_local_storage_path %}
|
||||
--default-local-storage-path {{ k3s_default_local_storage_path }}
|
||||
{% endif %}
|
||||
{% if k3s_cluster_dns is defined and k3s_cluster_dns %}
|
||||
--cluster-dns {{ k3s_cluster_dns }}
|
||||
{% endif %}
|
||||
{% if k3s_cluster_domain is defined and k3s_cluster_domain != "cluster.local" %}
|
||||
--cluster-domain {{ k3s_cluster_domain }}
|
||||
{% endif %}
|
||||
{% if k3s_datastore_endpoint is defined and k3s_datastore_endpoint %}
|
||||
--datastore-endpoint "{{ k3s_datastore_endpoint }}"
|
||||
{% if k3s_datastore_cafile is defined and k3s_datastore_cafile %}
|
||||
--datastore-cafile {{ k3s_datastore_cafile }}
|
||||
{% endif %}
|
||||
{% if k3s_datastore_certfile is defined and k3s_datastore_certfile %}
|
||||
--datastore-certfile {{ k3s_datastore_certfile }}
|
||||
{% endif %}
|
||||
{% if k3s_datastore_keyfile is defined and k3s_datastore_keyfile %}
|
||||
--datastore-keyfile {{ k3s_datastore_keyfile }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) or (k3s_etcd_datastore is defined and k3s_etcd_datastore) %}
|
||||
{% if k3s_primary_control_node is defined and k3s_primary_control_node %}
|
||||
--cluster-init
|
||||
{% else %}
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
|
||||
{% if (k3s_etcd_datastore is defined and k3s_etcd_datastore) and (k3s_primary_control_node is not defined or not k3s_primary_control_node) %}
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_runtime_config['https-listen-port'] | default(6443) }}
|
||||
--token-file {{ k3s_token_location }}/cluster-token
|
||||
{% endif %}
|
||||
{% if k3s_etcd_disable_snapshots %}
|
||||
--etcd-disable-snapshots
|
||||
{% else %}
|
||||
{% if k3s_etcd_snapshot_schedule_cron is defined %}
|
||||
--etcd-snapshot-schedule-cron "{{ k3s_etcd_snapshot_schedule_cron }}"
|
||||
{% endif %}
|
||||
{% if k3s_etcd_snapshot_retention is defined %}
|
||||
--etcd-snapshot-retention {{ k3s_etcd_snapshot_retention }}
|
||||
{% endif %}
|
||||
{% if k3s_etcd_snapshot_directory is defined %}
|
||||
--etcd-snapshot-dir {{ k3s_etcd_snapshot_directory }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if k3s_secrets_encryption is defined and k3s_secrets_encryption %}
|
||||
--secrets-encryption
|
||||
{% endif %}
|
||||
{% if k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args is iterable %}
|
||||
{% for arg in k3s_kube_apiserver_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-apiserver-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args is iterable %}
|
||||
{% for arg in k3s_kube_scheduler_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-scheduler-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args is iterable %}
|
||||
{% for arg in k3s_kube_controller_manager_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-controller-manager-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args is iterable %}
|
||||
{% for arg in k3s_kube_cloud_controller_manager_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-cloud-controller-manager-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% if k3s_server is defined %}
|
||||
--config {{ k3s_config_file }}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
agent
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_runtime_config['https-listen-port'] | default(6443) }}
|
||||
--token-file {{ k3s_token_location }}/cluster-token
|
||||
{% if k3s_agent is defined %}
|
||||
--config {{ k3s_config_file }}
|
||||
{% endif %}
|
||||
{% if k3s_enable_selinux %}
|
||||
--selinux
|
||||
{% endif %}
|
||||
{% if k3s_resolv_conf is defined and k3s_resolv_conf %}
|
||||
--resolv-conf {{ k3s_resolv_conf }}
|
||||
{% endif %}
|
||||
{% if k3s_tls_san is defined and k3s_tls_san is iterable %}
|
||||
{% for san in k3s_tls_san %}
|
||||
--tls-san {{ san }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% if k3s_tls_san is defined and k3s_tls_san %}
|
||||
--tls-san {{ k3s_tls_san }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if k3s_node_data_dir is defined %}
|
||||
--data-dir {{ k3s_node_data_dir }}
|
||||
{% endif %}
|
||||
{% if k3s_use_docker %}
|
||||
--docker
|
||||
{% endif %}
|
||||
{% if k3s_flannel_interface is defined and not k3s_no_flannel %}
|
||||
--flannel-iface {{ k3s_flannel_interface }}
|
||||
{% endif %}
|
||||
{% if k3s_node_name is defined %}
|
||||
--node-name {{ k3s_node_name }}
|
||||
{% endif %}
|
||||
{% if k3s_node_id is defined %}
|
||||
--with-node-id {{ k3s_node_id }}
|
||||
{% endif %}
|
||||
{% if k3s_node_ip_address is defined %}
|
||||
--node-ip {{ k3s_node_ip_address }}
|
||||
{% endif %}
|
||||
{% if k3s_node_external_address is defined %}
|
||||
--node-external-ip {{ k3s_node_external_address }}
|
||||
{% endif %}
|
||||
{% if k3s_write_kubeconfig_mode is defined %}
|
||||
--write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }}
|
||||
{% endif %}
|
||||
{% if k3s_node_labels is defined and k3s_node_labels is iterable %}
|
||||
{% for label in k3s_node_labels %}
|
||||
{% for key, value in label.items() %}
|
||||
--node-label {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_node_taints is defined and k3s_node_taints is iterable %}
|
||||
{% for taint in k3s_node_taints %}
|
||||
{% for key, value in taint.items() %}
|
||||
--node-taint {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kubelet_args is defined and k3s_kubelet_args is iterable %}
|
||||
{% for arg in k3s_kubelet_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kubelet-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_proxy_args is defined and k3s_kube_proxy_args is iterable %}
|
||||
{% for arg in k3s_kube_proxy_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-proxy-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endfilter %}
|
||||
{% endfilter %}
|
||||
|
|
96
vagrant/Vagrantfile
vendored
96
vagrant/Vagrantfile
vendored
|
@ -1,96 +0,0 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
$centos_provision = <<SCRIPT
|
||||
if [ ! -f .vagrant_provision ] ; then
|
||||
echo "Installing dependencies ..."
|
||||
sudo yum clean all > /dev/null 2>&1 && echo "[OK] Cleanup YUM."
|
||||
sudo yum makecache > /dev/null 2>&1 && echo "[OK] Create YUM cache."
|
||||
sudo yum install python libselinux-python -y -q > /dev/null 2>&1 && \
|
||||
echo "[OK] Installing Python."
|
||||
touch .vagrant_provision
|
||||
else
|
||||
echo "Already Provisioned."
|
||||
fi
|
||||
SCRIPT
|
||||
|
||||
$debian_provision = <<SCRIPT
|
||||
if [ ! -f .vagrant_provision ] ; then
|
||||
echo "Installing dependencies ..."
|
||||
sudo apt update > /dev/null 2>&1 && echo "[OK] Update APT cache."
|
||||
sudo apt-get install python -y > /dev/null 2>&1 && \
|
||||
echo "[OK] Installing Python."
|
||||
touch .vagrant_provision
|
||||
else
|
||||
echo "Already Provisioned."
|
||||
fi
|
||||
SCRIPT
|
||||
|
||||
$opensuse_provision = <<SCRIPT
|
||||
if [ ! -f .vagrant_provision ] ; then
|
||||
echo "Installing dependencies ..."
|
||||
sudo zypper refresh > /dev/null 2>&1 && echo "[OK] Update Zypper cache."
|
||||
sudo zypper install -y python python-xml > /dev/null 2>&1 && \
|
||||
echo "[OK] Installing Python."
|
||||
touch .vagrant_provision
|
||||
else
|
||||
echo "Already Provisioned."
|
||||
fi
|
||||
SCRIPT
|
||||
|
||||
VAGRANTFILE_API_VERSION = "2"
|
||||
|
||||
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
config.vm.define "node1" do |node1|
|
||||
node1.vm.box = "centos/7"
|
||||
node1.vm.hostname = "k3s-node01"
|
||||
node1.vm.network "private_network", ip: "172.16.3.30"
|
||||
node1.vm.provider "virtualbox" do |vb|
|
||||
vb.name = "k3s - node1"
|
||||
vb.memory = 512
|
||||
end
|
||||
node1.vm.provision "shell", inline: $centos_provision
|
||||
end
|
||||
|
||||
config.vm.define "node2" do |node2|
|
||||
node2.vm.box = "debian/buster64"
|
||||
node2.vm.hostname = "k3s-node02"
|
||||
node2.vm.network "private_network", ip: "172.16.3.31"
|
||||
node2.vm.provider "virtualbox" do |vb|
|
||||
vb.name = "k3s - node2"
|
||||
vb.memory = 512
|
||||
end
|
||||
node2.vm.provision "shell", inline: $debian_provision
|
||||
end
|
||||
|
||||
config.vm.define "node3" do |node3|
|
||||
node3.vm.box = "bento/opensuse-leap-15.1"
|
||||
node3.vm.hostname = "k3s-node03"
|
||||
node3.vm.network "private_network", ip: "172.16.3.32"
|
||||
node3.vm.synced_folder ".", "/vagrant", disabled: true
|
||||
|
||||
node3.vm.provider "virtualbox" do |vb|
|
||||
vb.name = "k3s - node3"
|
||||
vb.memory = 512
|
||||
end
|
||||
node3.vm.provision "shell", inline: $opensuse_provision
|
||||
end
|
||||
|
||||
config.vm.define "node4" do |node4|
|
||||
node4.vm.box = "ubuntu/bionic64"
|
||||
node4.vm.hostname = "k3s-node04"
|
||||
node4.vm.network "private_network", ip: "172.16.3.33"
|
||||
node4.vm.provider "virtualbox" do |vb|
|
||||
vb.name = "k3s - node4"
|
||||
vb.memory = 512
|
||||
end
|
||||
node4.vm.provision "shell", inline: $debian_provision
|
||||
node4.vm.provision "ansible" do |a|
|
||||
a.limit = "all"
|
||||
a.config_file = "ansible.cfg"
|
||||
a.inventory_path = "inventory.yml"
|
||||
a.playbook = "test.yml"
|
||||
a.verbose = "vv"
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,4 +0,0 @@
|
|||
[defaults]
|
||||
|
||||
host_key_checking = false
|
||||
roles_path = ../../
|
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
|
||||
all:
|
||||
vars:
|
||||
ansible_become: true
|
||||
k3s_use_docker: false
|
||||
|
||||
k3s_nodes:
|
||||
hosts:
|
||||
node1:
|
||||
ansible_host: 172.16.3.30
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node1/virtualbox/private_key'
|
||||
k3s_flannel_interface: eth1
|
||||
node2:
|
||||
ansible_host: 172.16.3.31
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node2/virtualbox/private_key'
|
||||
k3s_flannel_interface: eth1
|
||||
node3:
|
||||
ansible_host: 172.16.3.32
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node3/virtualbox/private_key'
|
||||
k3s_flannel_interface: eth1
|
||||
node4:
|
||||
ansible_host: 172.16.3.33
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node4/virtualbox/private_key'
|
||||
k3s_flannel_interface: enp0s8
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- hosts: node1
|
||||
become: true
|
||||
roles:
|
||||
- ansible-role-k3s
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- hosts: k3s_nodes
|
||||
become: true
|
||||
roles:
|
||||
- ansible-role-k3s
|
|
@ -1,5 +1,19 @@
|
|||
---
|
||||
|
||||
# Minimum supported version
|
||||
k3s_min_version: 1.19.3
|
||||
|
||||
# Valid states for this role
|
||||
k3s_valid_states:
|
||||
- installed
|
||||
- started
|
||||
- stopped
|
||||
- restarted
|
||||
- downloaded
|
||||
- uninstalled
|
||||
- validated
|
||||
|
||||
# Map ansible fact gathering architecture to a release name and suffix in github.
|
||||
k3s_arch_lookup:
|
||||
amd64:
|
||||
arch: amd64
|
||||
|
@ -26,13 +40,48 @@ k3s_arch_lookup:
|
|||
arch: arm
|
||||
suffix: "-armhf"
|
||||
|
||||
# Always default to stable channel, this will change with k3s_release_version
|
||||
k3s_release_channel: stable
|
||||
|
||||
# Create the API address for the k3s_github_url that has been specified
|
||||
k3s_github_api: "{{ k3s_github_url | replace('github.com', 'api.github.com') }}"
|
||||
# Create the latest release API link for github. Possibly deprecated with k3s.io updates API
|
||||
k3s_github_api_releases: "{{ k3s_github_api | replace('.com', '.com/repos') }}/releases/latest"
|
||||
# K3s updates API
|
||||
k3s_api_releases: https://update.k3s.io/v1-release/channels
|
||||
# Download location for releases
|
||||
k3s_github_download_url: "{{ k3s_github_url }}/releases/download"
|
||||
|
||||
# Empty array for counting the number of control plane nodes
|
||||
k3s_controller_count: []
|
||||
|
||||
# Default to the "system" systemd context, this will be "user" when running rootless
|
||||
k3s_systemd_context: system
|
||||
|
||||
# Directory for systemd unit files to be installed. As this role doesn't use package
|
||||
# management, this should live in /etc/systemd, not /lib/systemd
|
||||
k3s_systemd_unit_directory: "/etc/systemd/{{ k3s_systemd_context }}"
|
||||
|
||||
# Directory for gathering the k3s token for clustering. I don't see this changing.
|
||||
k3s_token_location: "/etc/rancher"
|
||||
|
||||
# Path for additional Kubernetes Manifests
|
||||
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
||||
k3s_server_manifests_dir: /var/lib/rancher/k3s/server/manifests
|
||||
|
||||
# Config items that should not appear in k3s_server or k3s_agent
|
||||
k3s_config_exclude:
|
||||
- setting: "cluster-init"
|
||||
correction: "k3s_etcd_datastore"
|
||||
|
||||
# Config items and the versions that they were introduced
|
||||
# k3s_config_version_check:
|
||||
# - setting: example
|
||||
# version: 1.19.3
|
||||
|
||||
# Config items that should be marked as experimental
|
||||
k3s_experimental_config:
|
||||
- setting: selinux
|
||||
until: 1.19.4
|
||||
- setting: rootless
|
||||
- setting: secrets-encryption
|
||||
|
|
Loading…
Reference in a new issue